Category - Azure

When I talk with Customers about Microsoft Azure, I can usually gauge pretty quickly if they are ready to dive in or not quite ready yet. Let’s face it, if you are a die-hard IT Pro who has been working On-Premises for the bulk of your career, starting to use “The Cloud” can be a little unnerving. That’s one of the reasons I always try to get something across from the start: Using public cloud resources should be an AND conversation, not a mutually exclusive OR conversation.

No one is trying to get you to drop and migrate all your resources out to “The Cloud”.

I started dabbling in Microsoft Azure a while back, when IaaS first came out. Things have changed a lot since then, lots of new functionality has been added and it’s getting easier and easier to use. I’ve started to think about it as simply “another” location I could use when I decide to deploy new virtual machines. What are your options for connectivity to these machines? You can abstract it out to 4 levels of connectivity:

Remote Management only: When you spin up new systems in Azure, you control remote connectivity to the machine by modifying things called EndPoints. Only 2 EndPoints are open for remote management: an RDP session on a custom port and a remote management port. End result: you can get into your machine, and if there are multiple machines in your setup, they could have connectivity to each other.

Point to Site VPN: I typically see this one as a quick and dirty connection method for a single machine that resides on premises to have unfettered access to the machines up in Azure. Think of this as either a development box or maybe a database server that you want to keep on-premises for whatever reason, but you want the machines in Azure to have two way communication back to it. Simple to set up, easy to manage. You configure this from the Azure portal and download the VPN client to run on the box.

Site to Site VPN: Similar to the Point to Site, but it requires some additional setup. You have to define all the subnets you want connectivity to on premises and in Azure and then download a Gateway configuration script. It could either be a hardware router that you need to set up on premises or it could be a configuration file that you can load into a Windows Server 2012 R2 RRAS server. The nice thing about this option is that connectivity is not limited to only one system. Any system that is within the network ranges you defined will be able to route its packets out to Azure and back.

ExpressRoute: This is the ultimate connectivity option if you plan on going full on Hybrid after trying out one of the other three options. This is a subscription service which can be enabled on your account that leverages an existing connection you have with one of our partner network providers. Our partner providers have direct connections to various Azure Regions, allowing for a direct connection from your network over their private lines into the Azure Datacenter. Your packets are never transmitted over the public internet – it all stays within the network of the provider or Azure Datacenter at a very high speed with minimal latency. This option comes in very handy when you have a large number of resources on premises that need connectivity without latency up to the Azure world.

I have had very good success using both the Point to Site and Site to Site VPN in smaller production rollouts or pilots / proof of concepts. When it comes to a more robust connectivity option, ExpressRoute is definitely the top tier solution.

Breaking news: We made some announcements at TechEd Europe this week – two additional European partners have been added to the ExpressRoute family (Orange and BT).

…or maybe “How the H-E-Double-Hockey-Sticks do you keep up with What’s New in Azure?” would be better. 😉

It’s just about an impossible feat to accomplish – based on the number of teams working on this massive thing called “Microsoft Azure”, all with a cadence of what seems like 1-2 weeks…

Welcome to the world of “The Cloud”. As Mark Russinovich said to me during an interview at TechEd:

“In order to go fast in a cloud world, you actually have to go fast”

He wasn’t joking.

Part of what I do for my Job at Microsoft is talk about technologies in a specific area in context of the bigger picture of the IT Industry. I work with various Engineering / product teams to understand their technologies and how they would apply to solve issues in “the real world”. I used to focus exclusively on the core infrastructure of Windows Server. Over the last couple of years I decided to expand that focus to include Microsoft Azure. But wait, Azure is a big place – lots of innovation in all sorts of areas. How do I narrow it down? I focus my effort on technologies and solutions using Azure that would be beneficial for IT Professionals and SysAdmins to bring into their organizations to be more successful.

Besides talking and meeting with the Teams here on Campus – one of the best places to find out what is new is via the official Azure Blog. I find I tend to focus just on Virtual Machines and supporting technologies categories (View all posts in Virtual Machines). From there, I dug up my “top 3” things from the past year that I thought I’d share with you here:

#3) D Series Machines – with SSD

As we roll out new hardware in our datacenters around the world, we are able to offer up new capabilities to our services. Virtual Machines is no exception to that. As a result – we get a new series of machines that have faster processing power, better memory to core ratio and faster disk options. Introducing The D-Series Machines.

#2) ExpressRoute and other VPN solutions

When I talk about “The Cloud” and Microsoft Azure with anyone, I always make sure to do it as an AND conversation, not an OR conversation. I see the Public Cloud as an extra tool you can use in your toolbox when designing architecture for new or existing projects. It’s an AND, mainly because of our connectivity options AND existing skillsets.

VPN Connectivity could mean a point-to-site discussion for a specific box that is located on-prem or it could be a Site-to-Site connectivity option to truly act as an extension of your on-premises environment. We announced in May 2014 the addition of what we’re calling ExpressRoute connectivity to select datacenters. Think of this as the provider with whom you already have WAN or Internet connectivity now having the option to route traffic directly into an Azure Datacenter instead of going across the public internet.

#1) – Azure Site Recovery in General Availability

Think of this scenario for a minute. You are working with System Center on-premises to define your “clouds” of VMs managed by System Center Virtual Machine Manager. You want to enable a level of disaster recovery that you currently can’t have, because you only have one Datacenter. You can now use Azure as your second site and replicate those VMs (provided they are Generation 1 VMs) up to Microsoft Azure – using Azure Site Recovery.

Not only is this useful for Disaster Recovery – it could also be used to spin off isolated development environments or as a method of migration from on premises to Azure IaaS… I’ll be honest – it’s a bit tricky to set up and has some hefty requirements on the on-premises side (System Center), but it’s a very attractive option for some DR goodness.

There you have it – my “Top 3” things that I’ve found interesting from the past year. What about you – got anything that you find particularly useful to share in the Azure space? Any cool sources – share them here in the comments!

In this episode of The Edge Show – I catch up with some of my Azure RSS feeds and discover this little announcement and blog post by Beth Cooper, Program Manager on the Azure Automation team. After a quick exchange of emails – I managed to get her to come down and give us a tour of this cool option and tell us how anyone in the community can contribute their own Runbooks!

Silect Software Inc gives you a tool to help design and develop new Management Packs (MPs) for Operations Manager 2012 or customize existing MPs through an easy-to-use wizard-driven interface, without knowledge of the underlying MP structure or XML development. Check out http://www.mpauthor.com for details.

I am assuming you have used the online graphical portal a bit and now you want to be more productive and start some rudimentary automation. We don’t expect you to use the portal for everything. For an IT Pro – the logical choice is to use PowerShell and work like an admin from your workstation. Before I go into more depth on all sorts of components and features/capabilities of Windows Azure, let’s prep your workstation for some automation.

Step 1: Download the files.

This will kick off the download of the Web Platform Installer. This tool will be available on your system to download the current version as well as all the updates we periodically make to the cmdlets.

Step 2: Use the Web Platform Installer to install cmdlets and dependencies.

It’s not just the cmdlets that will download – it’s also all the dependencies that come down and get updated as well. Don’t worry – the Web Platform Installer (WebPI) has you covered for ensuring everything is up to date.

Step 3: Put the install location into your path

This is optional, but helpful if you will be using the cmdlets a lot. There are a number of ways to do this, but in my opinion, the least invasive way is to update your PATH environment variable with the Azure cmdlets install path.

Pull up your system properties. (I right click on “This PC” or My Computer and choose properties). Click on Advanced System Settings.

Click on Environment Variables

Update the path statement to include C:\Program Files (x86)\Microsoft SDKs\Windows Azure\PowerShell\Azure. Don’t forget to go to the end of the line and add a ; before overwriting your path!

Close off all your windows with the OK buttons and you are good to go.

Step 4: try it out in PowerShell and PowerShell ISE

Just to make sure – check it out in your PowerShell window and tool of your choice.

Fairly simple and straight forward – but surprisingly hard to find out how to set it up in the easiest way possible. From now on – this system is ready to go with the Azure PowerShell cmdlets.

Step 5: Simplify Your Settings

When you need to run a command against your Windows Azure subscription, the session will need some settings to be referenced a lot. This means you will get a window pop-up to login to your Microsoft Account or account you are using to manage and interact with your subscription via the portal. To make your life WAY easier – if this is your “management workstation” that you maintain and secure, you can download your Azure Publish Settings file including your management certificate. Trust me – it will make your life easier if you do this. It’s so simple.

From a PowerShell prompt, type in:

PS C:\> Get-AzurePublishSettingsFile

That will require authentication to the Azure Portal in order to create your Settings File.

It will prompt you to download and save it to a secure location. Change to that location in your PowerShell window and then type in:

PS C:\> Import-AzurePublishSettingsFile

If you were not in the proper directory where the file resides, you will need to include the full path and name of the file.

To check if the settings file worked correctly – check what subscription is active in the PowerShell console session by typing in:

PS C:\> Get-AzureSubscription

This should respond with details of your subscription, including details on the management certificate which will be valid for one year.
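The publish settings file carries the management certificate together with its private key, so any copy of it left on disk is a standing credential for the subscription. The script below is an added example, not part of the original post: it imports the newest file from an assumed download folder (`$downloadDir` is a placeholder), confirms the subscription registered, then deletes the file and reports any other copies under the user profile.

```powershell
# Added example, not from the original post.
# Assumption: the browser saved the file to the Downloads folder; change as needed.
$downloadDir = Join-Path $env:USERPROFILE 'Downloads'

# Pick the most recent publish settings file in that folder.
$file = Get-ChildItem -Path $downloadDir -Filter '*.publishsettings' |
    Sort-Object LastWriteTime -Descending |
    Select-Object -First 1
if (-not $file) {
    throw "No .publishsettings file found in $downloadDir"
}

# Import by full path so the current directory does not matter.
Import-AzurePublishSettingsFile -PublishSettingsFile $file.FullName

# Confirm the subscription is registered in this session before deleting anything.
$subs = @(Get-AzureSubscription)
if ($subs.Count -eq 0) {
    throw 'Import did not register a subscription; keeping the file for troubleshooting.'
}
$subs | Format-List SubscriptionName, SubscriptionId

# The import has copied the management certificate into the current user's
# certificate store, so the downloaded file is no longer needed. Remove it.
Remove-Item -LiteralPath $file.FullName -Force

# Report any other copies left under the profile (old downloads, synced folders).
Get-ChildItem -Path $env:USERPROFILE -Recurse -Filter '*.publishsettings' -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime
```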

That’s It – You Are DONE!

Step 6: What about Updates?

That’s simple! Periodically run the WebPI utility to ensure there are no updates.

Notice the date for Windows Azure PowerShell AND that there is no option to “add” it anymore as it has already been installed. If updates are available that button will become active once again.

That’s about it – if there was an update, it would come down to the appropriate path that has already been added to the system path and therefore all new PowerShell windows and ISE sessions would automatically be updated with new functionality.

I think it is relatively apparent where you go for the Free Trial – but I thought I’d highlight the arrows with more arrows in red.

You’ve got links to a FAQ, a phone number you can call to answer questions and $200 in credit to spend on your trial. I suggest you take a moment to read the FAQ. There are a lot of preconceived notions that are either false or greatly out of date with regards to signing up for a free trial. I’ll highlight a couple below:

You can use the $200 to try out any number of services without restriction (except the $200 credit limit or 30 days – whichever comes first).

The trial is absolutely FREE – you will not be charged for anything above and beyond the $200 credit.

MYTHBUSTER: we do not charge you for overages or “mistakes” you make during this trial because you are unfamiliar with how billing works and you are in a “learning phase”. In the past we did not have a “cap” that could be added to protect early adopters from getting bills they didn’t expect.

CreditCard and Microsoft Account are required.

MYTHBUSTER: as mentioned above – we do not charge your card for this free trial. You are welcome to use your business or personal card – they are used for identification purposes only. I mean – come on- we don’t want people spinning up services and VMs to do BitcoinMining things without knowing who they are.

If you exceed the $200 credit limit on this trial or hit 30 days, the services and account will be automatically suspended. You are welcome to convert the trial into a simple “Pay-As-You-go” option to maintain your services and will be billed accordingly for services use.

The Spending Limit feature is targeted to the MSDN and Partner Cloud network members. It is not available on the Pay-As-You-Go or consumption plans. It was designed to ensure these members won’t get billed while they are developing solutions on the Azure Platform.

You are able to sign up for Billing Alerts to warn you when you are approaching thresholds and want to proactively scale back before incurring charges. See this article for more details.

Note regarding the Credit Card requirements: Services across the online “cloud” space all require a credit card for identity verification and trials these days. It’s the minimum bar for entry to ensure some level of validation / accountability. If you don’t have one, you might be able to register one of those “pre-paid charge cards” from a store, provided you registered your information for online purchases – but I’ve never tried it myself.

Fill out the registration details with validation text message or automated voice call.

Once the code gets validated, the payment information becomes available. Once confirmed, you should end up at the Subscriptions page with a “pending status” as we get things setup for you.

This can take some time – click on the (Click here to refresh) option to check on its status. When I wrote this blog post it took all of a minute to be ready. Once you are listed as “Active” (my screenshot shows “Pending”) you can click on the blue Portal area up in the right corner.

Once you progress to the portal – a quick tour option is available to walk you through the very basic functionality of what the Management portal can do and its various notification areas that are context sensitive.

Once you have gone through the quick 5 slices of info – you are dropped into the Management Portal for your Windows Azure account. You’ll be spending some time in here working with the services and setting things up. I’ll be going over a bunch of things I’ve done in here as part of this ongoing series. Take some time, explore a bit and check out the Help in the bottom right corner of the management portal.

Let’s have some quick fun – something all of us ServerHuggers can embrace and understand – Let’s make a Windows Server 2012 R2 Virtual Machine and RDP into it! To keep things REAL simple – I suggest you try out the Quick Create of a VirtualMachine from the big NEW button at the bottom left of your portal.

Fill in a unique DNS name (I use my initials RJC with demoVM to make RJCDemovm), create a local admin user name and confirm an admin password. Finally, choose a region/affinity group (where will it be hosted) and click on “Create Virtual Machine”. Once the info has been submitted – Azure will start the provisioning process and give you a status update in the portal. You can see from the shot below – mine is provisioning, it has a name of rjcdemo.cloudapp.net and you can see a job to finish its provisioning is running by the animated green bars in the bottom right corner of the portal.

Notice it takes some time to spin up – think of a VHD being copied out of a VM Library and then being assigned into your storage and finally being started for the first time. It has to go through the initial Sysprep like first boot activities and have configuration settings passed through to it via a custom made unattend.xml file (where do you think it got the username and password to create from?). Eventually it will come up to a Running state.

Once it hits that Running State – you have the billing meter running (against your $200 free credit) to the tune of about $0.10 / hr for a small instance. It’s billed by the minute and you are NOT charged when it is Shut Down – so don’t forget to shut it down when you are done playing with it.

You’ll notice at the bottom, when the machine is selected you can Connect, Restart, Shut Down, Attach / detach disk, capture and Delete. Click on the CONNECT button.

A familiar open/save dialogue opens up – save the file someplace – it’s just a RDP file that has the Fully Qualified Domain Name to your VM and the special non-standard listening port for the RDP connection (in my case it’s rjcdemovm.cloudapp.net:52778). This gets re-mapped to the proper 3389 port by Azure (more on this later). Launch this connection and sign in with the Admin ID and password you filled out in the Quick Connect form and Voila!

NOTE: In case you didn’t know, if you sign in with a .\{username} it signifies that you are logging in to the LOCAL account database of the system (since it’s not domain joined AND since I am running this demo from my corporate machine – you can see me authenticate correctly in the middle with local creds).

Accept the certificate warning and the RDP session opens to your new desktop of a server running in the cloud on an ISOLATED network that has been NAT’ed behind the Azure firewall. Feels like home, eh? Go ahead – poke around, check out and explore all the sort of stuff you would do when you rack a server or spin up a VM for the first time. Kick the tires and play around – all seems very familiar, eh?
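To see exactly which public ports the Azure firewall forwards to your VMs, including the re-mapped RDP port from the downloaded .rdp file, you can list the EndPoints from PowerShell. This is an added example, not part of the original post; it assumes the Azure cmdlets are installed with a subscription active in the session, and that the default Windows EndPoints map to local ports 3389 (RDP) and 5986 (remote PowerShell).

```powershell
# Added example, not from the original post.
# Assumes: Azure cmdlets installed and a subscription already imported
# (Import-AzurePublishSettingsFile) in this PowerShell session.

# Local ports treated as management access (assumption: the Windows defaults).
$managementPorts = 3389, 5986

$report = foreach ($svc in Get-AzureService) {
    foreach ($vm in Get-AzureVM -ServiceName $svc.ServiceName) {
        foreach ($ep in ($vm | Get-AzureEndpoint)) {
            [pscustomobject]@{
                Service    = $svc.ServiceName
                VM         = $vm.Name
                Endpoint   = $ep.Name
                Protocol   = $ep.Protocol
                PublicPort = $ep.Port        # port reachable from the Internet
                LocalPort  = $ep.LocalPort   # port the VM actually listens on
                Management = $managementPorts -contains $ep.LocalPort
            }
        }
    }
}

# Full inventory of what is published for each VM.
$report | Sort-Object Service, VM, PublicPort | Format-Table -AutoSize

# Management EndPoints only: these are the ones to review first.
$report | Where-Object { $_.Management } |
    Format-Table Service, VM, Endpoint, PublicPort, LocalPort -AutoSize

# VMs publishing anything beyond the management EndPoints.
$report | Where-Object { -not $_.Management } |
    Group-Object VM |
    Select-Object Name, Count
```

An EndPoint you no longer need can be taken off a VM with `Remove-AzureEndpoint` piped to `Update-AzureVM`, and `Get-AzureAclConfig` shows whether an EndPoint has ACL rules limiting which remote subnets can reach it.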

OK – that’s enough for this post. Once you are done playing around, log off the Virtual Machine and return to the Azure Management Portal. From there, select the machine and choose SHUTDOWN from the bottom bar. This will gracefully shutdown the VM and stop the charges for the machine in order to preserve your credit. If you forget – it’s going to cost you $1.20 to run this overnight for 12 hrs or so – not exactly going to break the bank.

Congrats on taking the first step towards this Cloud thing as a ServerHugger.

It wasn’t so bad now, was it?

P.S. One last thing:

If you are from the developer side of the house in IT – you might already have an MSDN subscription that includes reoccurring monthly credits and benefits that can be activated. If you’re an IT guy who sits on the Infrastructure side of the house – you might want to check to see if your developer brethren have already started using this benefit and see if you can get in on the action. You see – you can have multiple admins and access to subscriptions for access to these benefits. But really – you probably want your own space to play in and learn.

As you may or may not know – I am a Server Hugger – heck I even have a pin to prove it. But – as I like to take on challenges, I thought I would transition my expertise out of on-premise server architecture and infrastructure and walk on the wild side for a while. I’m on a personal mission to get my head around everything there is to know about Windows Azure – from a Server Hugger’s perspective.

Since I’m making this transition and embarking on a fully immersive Azure experience – I thought I’d document it along the way here on the blog. Don’t worry – I won’t be abandoning all things Windows Server / Storage / On-Premises – that will be continuing. I’ll be able to transition my skills to be more “cloudy” based on everything I’ve read and come out for the better on the other side.

I’ll be tagging my posts in a new category “Azure 4 Server Huggers” so you can find them amongst the stuff I have going on here. I will also caveat that each entry will be date specific as technologies evolve extremely fast in the Azure space. I’ll do my best to keep them updated as things change.

Finally – all content in this series will be coming from the perspective of a Server Hugger with 25+ years experience working in on-premises IT environments. There will be minimal “dev” stuff going on – other than how to support and work with them along the way. I’ll be bringing my architect experience along with me.